Skip to content

retrospective-commit-signing.md

Latest commit

 

History

History
92 lines (58 loc) · 3.57 KB

retrospective-commit-signing.md

File metadata and controls

92 lines (58 loc) · 3.57 KB

Retrospective commit signing guide

Signing previously pushed commits

If you have pushed a commit without signing this can result in your PR not being able to be merged into the main or default branch. The following steps will guide you through retrospectively signing your commits. Note you can sign multiple commits if required.

Please take the time to understand the commands that you are using, this is just a guide.

Steps

  1. Identify unsigned commits
    You have a branch that contains one or more unsigned commits. In the screenshot below, there are two unsigned commits followed by two commits showing the Verified label, which indicates they were signed.

    Commit history showing unsigned and signed commits

  2. Understand the issue
    The first two commits aren't verified, and therefore the merge to the main branch is not allowed:

    Merging is blocked as the commits aren't signed

  3. Switch to the branch with unsigned commits
    Go to your CLI and ensure that you are on the branch with the unsigned commits.

  4. Start an interactive rebase
    Issue the following command:

    git rebase -i --root

    This puts the editor into interactive mode for rebase. You will see the commit history as shown in the screenshot below:

    Interactive rebase before selecting commits

  5. Mark commits for editing
    Scroll down the list until you find the commits you want to sign. Change the keyword pick to edit for those commits.

    Interactive rebase after selecting commits

    If you are using Nano, save the changes with Ctrl+X and confirm with Enter. For Vi, exit with :wq to save and quit.

  6. Amend the commit to include a signature
    For each commit you flagged as edit, run the following commands:

    git commit -S --amend --no-edit
git rebase --continue

    Rebase will cycle through the commits you flagged for editing:

    Cycling through commits flagged for editing

    Repeat the amend and continue steps for each commit.

  7. Complete the rebase
    Once rebasing is complete, you will see a message like:

    Successfully rebased and updated refs/heads/…

  8. Push the changes
    Push the updated commits back to your branch. Use a force push if necessary:

    git push -f

  9. Verify the changes
    Refresh the browser window for your PR. You should now see the verified commits:

    Updated commit history in GitHub

Optional process variation: bulk update last N commits

If you are happy that the most recent N commits can all be signed in one go, that's possible in fewer steps than the method above, but is less flexible: you can't pick and choose which commits this acts on, so this won't always be an appropriate method.

If N == 10:

git rebase --exec "git commit -S --amend --no-edit --allow-empty" HEAD~10
git push -f

The first command automatically cycles through all 10 commits, signing each one. The second force-pushes the newly signed commits.

Note: --allow-empty is only needed if any of the commits you want to sign are empty.